General

  • Target

    file.exe

  • Size

    328KB

  • Sample

    220927-weksgafbdp

  • MD5

    36ac3d35c3212460c0679498503ba018

  • SHA1

    3ba4f67dc6fa65d912677ff18bf0055d11f7a8e4

  • SHA256

    cb0be07b155bc7c48557981e7c66ccdc103669b9c6b349e717e4576fa1f5f7e1

  • SHA512

    2712dff536e6af8b780c247caa56c3ba99cbc5875eca4983ee046fd468ffad7481d747564829bcd365cebfdd5d160a9979435fd5256ffc8e8411a4aa4e02a54e

  • SSDEEP

    6144:3r4yalazywdjd4js2J0tN3cnigabwVfs:3r4tazvd+QP3ciB

Malware Config

Extracted

  • Family

    danabot

  • C2

    198.15.112.179:443
    185.62.56.245:443
    153.92.223.225:443
    192.119.70.159:443

  • Attributes

    embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
    type: loader

Extracted

  • Family

    systembc

  • C2

    141.98.82.229:4001

Targets

    • Target

      file.exe

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2